FIPS validation must be done by independent, accredited third-party laboratories, which are accredited by the National Voluntary Laboratory Accreditation Program. The vendor works to create the test reports for the module and submits them to the National Institute of Standards and Technology (NIST) for review. Only after all of this can a module be deemed “FIPS 140-2 Validated”. That assures the whole product has passed FIPS validation and can be used to secure sensitive information. Due to the cost and time associated with validation, some manufacturers might stick with claiming “FIPS Compliant”. This could mean that some parts are designed to FIPS standards, but the product is not completely validated by a certified NIST laboratory.